In-field firmware update is a feature that is increasingly used in microcontroller-based applications today. Its important benefits include service and support for products that are already deployed in the field (for example, being able to correct bugs or add new functionality). As common as in-field firmware updates are in embedded systems, this feature is also commonly exploited by attackers; if the update process is vulnerable, it can compromise the security of the system.
This application report discusses the various security issues and the respective measures to implement secure in-field firmware updates through the firmware transport and download process. This includes securing the firmware image against reverse engineering and making sure that only authentic firmware, which comes from a trusted party and whose integrity has not been compromised, is allowed to be uploaded to the microcontroller.
The measures discussed in this document are general security measures to address the security threats involved with the in-field firmware update process. The actual security solution proposed for a specific MSP product family may differ in its implementation and in the security feature set that is offered. Any specific solution is dependent on various factors including the default bootloader offerings, nonvolatile memory type, and hardware security features available on the MCU. Refer to the in-field firmware update security solution specific to each MSP family for more details.